Vulnerabilities > 10Up
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-01 | CVE-2021-4405 | Unspecified vulnerability in 10Up Elasticpress The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. | 4.3 |
2022-09-26 | CVE-2022-1613 | Authorization Bypass Through User-Controlled Key vulnerability in 10Up Restricted Site Access The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations. | 5.3 |
2022-04-18 | CVE-2022-1091 | Cross-site Scripting vulnerability in 10Up Safe SVG The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. | 4.3 |
2019-11-11 | CVE-2019-18855 | Unspecified vulnerability in 10Up Safe SVG A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes. | 7.5 |
2019-11-11 | CVE-2019-18854 | Uncontrolled Recursion vulnerability in 10Up Safe SVG A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... | 7.5 |